52 matches found
UBUNTU-CVE-2017-7617
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chansip, the CDR dialplan function, and the AMI Monitor action...
CVE-2014-8418
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...
DEBIAN-CVE-2014-8418
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...
CVE-2014-8418
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...
Design/Logic Flaw
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to 1 gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or 2 execute arbitrary system...
CVE-2014-8418
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...
CVE-2014-8418
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protoco...
AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions
Asterisk Project Security Advisory - AST-2014-017 Product Asterisk Summary Permission escalation through ConfBridge actions/dialplan functions Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On November 4, 2014 Report...
FreeBSD : asterisk -- Multiple vulnerabilities (a92ed304-716c-11e4-b008-001999f8d30b)
The Asterisk project reports : AST-2014-012 - Mixed IP address families in access control lists may permit unwanted traffic. AST-2014-018 - AMI permission escalation through DB dialplan function. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Mandriva Linux Security Advisory : asterisk (MDVSA-2014:218)
Multiple vulnerabilities has been discovered and corrected in asterisk : Remote crash when handling out of call message in certain dialplan configurations CVE-2014-6610. Asterisk Susceptibility to POODLE Vulnerability CVE-2014-3566. Mixed IP address families in access control lists may permit...
asterisk -- Multiple vulnerabilities
The Asterisk project reports: AST-2014-014 - High call load may result in hung channels in ConfBridge. AST-2014-017 - Permission escalation through ConfBridge actions/dialplan functions...
Asterisk ReceiveFax Dialplan Application Remote DoS (AST-2014-010)
According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a denial of service vulnerability in the ReceiveFax Dialplan application. This is due to a flaw in the 'resfaxspandsp' module, which is caused by the improper handling of...
AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations
Asterisk Project Security Advisory - AST-2014-010 Product Asterisk Summary Remote crash when handling out of call message in certain dialplan configurations Nature of Advisory Remotely triggered crash of Asterisk Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Report...
FreeBSD : asterisk -- Remotely triggered crash (e60d9e65-3f6b-11e4-ad16-001999f8d30b)
The Asterisk project reports : When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the resfaxspandsp module...
asterisk -- Remotely triggered crash
The Asterisk project reports: When an out of call message - delivered by either the SIP or PJSIP channel driver or the XMPP stack - is handled in Asterisk, a crash can occur if the channel servicing the message is sent into the ReceiveFax dialplan application while using the resfaxspandsp module...
Debian DSA-2835-1 : asterisk - buffer overflow
Jan Juergens discovered a buffer overflow in the parser for SMS messages in Asterisk. An additional change was backported, which is fully described in http://downloads.asterisk.org/pub/security/AST-2013-007.html With the fix for AST-2013-007, a new configuration option was added in order to allow...
Debian Security Advisory DSA 2835-1 (asterisk - buffer overflow)
Jan Juergens discovered a buffer overflow in the parser for SMS messages in Asterisk. An additional change was backported, which is fully described in http://downloads.asterisk.org/pub/security/AST-2013-007.htmlWith the fix for AST-2013-007, a new configuration option was added in order to allow...
DSA-2835-1 asterisk - buffer overflow
Bulletin has no description...
AST-2013-007: Asterisk Manager User Dialplan Permission Escalation
Asterisk Project Security Advisory - AST-2013-007 Product Asterisk Summary Asterisk Manager User Dialplan Permission Escalation Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known None Reported On November 25, 2013 Reported By Matt...